Private Communications Technology
Encyclopedia
Private Communications Technology (PCT) 1.0 was a protocol developed by Microsoft
in the mid-1990s. PCT was designed to address security flaws in version 2.0 of Netscape's Secure Sockets Layer protocol and to force Netscape to hand control of the then-proprietary SSL protocol to an open standards body.
PCT has since been superseded by SSLv3 and Transport Layer Security
. For a while it was still supported by Internet Explorer, but the latest versions have removed it. It is still found in IIS
and in the Windows operating system libraries, although in Windows Server 2003
it is disabled by default.
Due to its near disuse, it is arguably a security risk, in particular because, being rarely used, it has received less attention in testing than commonly used protocols, and there is little incentive for Microsoft to expend effort on maintaining its implementation of it. In particular, one security vulnerability is PCT failing to properly validate message inputs.
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
in the mid-1990s. PCT was designed to address security flaws in version 2.0 of Netscape's Secure Sockets Layer protocol and to force Netscape to hand control of the then-proprietary SSL protocol to an open standards body.
PCT has since been superseded by SSLv3 and Transport Layer Security
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
. For a while it was still supported by Internet Explorer, but the latest versions have removed it. It is still found in IIS
Internet Information Services
Internet Information Services – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server. IIS 7.5 supports HTTP, HTTPS,...
and in the Windows operating system libraries, although in Windows Server 2003
Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
it is disabled by default.
Due to its near disuse, it is arguably a security risk, in particular because, being rarely used, it has received less attention in testing than commonly used protocols, and there is little incentive for Microsoft to expend effort on maintaining its implementation of it. In particular, one security vulnerability is PCT failing to properly validate message inputs.
External links
- The Private Communication Technology (PCT) Protocol (published 1995)